You can never be too careful when installing new software on your devices, especially if you own an Android phone or tablet. Even if an app looks safe, there is a chance that it could contain dangerous code. Even as Google fights back by patching vulnerabilities and closing loopholes, hackers find new ways to sneak malicious apps on to the Google Play store. In fact, one week ago, a security research firm found the Joker malware in yet another popular app on Google Play.
Joker malware found in popular Android apps
Last Thursday, mobile security firm Pradeo discovered another app on Google Play infected with the Joker malware. The app is called Color Message, and over 500,000 Android users had installed the app by the time Pradeo found it. On Google’s store, the app claims to help users personalize the theme of their default messenger. Frighteningly, Color Message had a stellar 4.1/5 rating on Google Play at the time of discovery with nearly 2,000 reviews. No wonder it was so popular.
The good news is that Google has since removed Color Message from its mobile app store. But that does not remove it from the phones of the victims who downloaded it in the first place. Be absolutely certain that you don’t have the app installed on any of your devices. This is made far more difficult by the fact that Color Message is capable of hiding its app icon after a user installs it. Therefore, you may have to dig into your device’s settings to uninstall the app.
According to Pradeo, once the app is installed, it can access your contact list and exfiltrate it over the network. Color Message will also attempt to subscribe you to paid services without your permission. The developer posted the app’s terms and conditions on this very sketchy blog. Unsurprisingly, the blog fails to detail any of the malicious actions the app will take once on your phone.
What is the Joker malware?
Researchers first discovered the Joker malware in 2017. In the years since, it’s appeared sporadically within seemingly innocuous apps on Google Play. This is Pradeo’s breakdown of Joker:
Joker is categorized as Fleeceware, as its main activity is to simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users. By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect. In the last two years, the malware was found hiding in hundreds of apps.
Here are some other infected apps that Pradeo has uncovered in recent months. None of these apps are still on the Android app store, but they might be on your phone or tablet. If they are, delete them all as soon as humanly possible to avoid having your data or money stolen:
- Safety AppLock
- Convenient Scanner 2
- Push Message-Texting&SMS
- Emoji Wallpaper
- Separate Doc Scanner
- Fingertip GameBox
If you want to know more about Joker, the Android security team published a helpful blog post back at the beginning of 2020. It’s worth a read if you want to know more.